{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12901,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:36:52.038158694Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:36:52.041298284Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:36:52.042313973Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:36:52.043204833Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6 0x12a9e: jge 0x12aa3 0x12aa0: jmp 0x12adb 0x12aa2: nop 0x12aa3: mov ah, 0x2a 0x12aa5: int 0x21 0x12aa7: cmp dh, 9 0x12aaa: jge 0x12aaf 0x12aac: jmp 0x12adb 0x12aae: nop 0x12aaf: mov ah, 0x2a 0x12ab1: int 0x21 0x12ab3: cmp dl, 4 0x12ab6: jge 0x12abb 0x12ab8: jmp 0x12adb 0x12aba: nop 0x12abb: mov al, byte ptr [0x359] 0x12abe: call 0x12ace 0x12ac1: cmp byte ptr [0x359], 0x19 0x12ac6: je 0x12adb |
| 2018-12-25T12:36:52.045055166Z | 78 | PC: 12b5e | Find first file |
| 2018-12-25T12:36:52.049300431Z | 67 | PC: 12b9c | Get or set file attributes |
| 2018-12-25T12:36:52.060655043Z | 67 | PC: 12bae | Get or set file attributes |
| 2018-12-25T12:36:52.07828854Z | 61 | PC: 12bb9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:36:52.08570125Z | 87 | PC: 12bc5 | Get or set file date and time |
| 2018-12-25T12:36:52.087066305Z | 44 | PC: 12bd1 | Get time 0x12bd1: and dh, 7 0x12bd4: jmp 0x12bd7 0x12bd6: nop 0x12bd7: mov ah, 0x3f 0x12bd9: mov cx, 3 0x12bdc: mov dx, 0x1d 0x12bdf: nop 0x12be0: add dx, si 0x12be2: int 0x21 0x12be4: jb 0x12c3b 0x12be6: cmp ax, 3 0x12be9: jne 0x12c3b 0x12beb: mov ax, 0x4202 0x12bee: mov cx, 0 0x12bf1: mov dx, 0 0x12bf4: int 0x21 0x12bf6: jb 0x12c3b 0x12bf8: mov cx, ax 0x12bfa: sub ax, 3 0x12bfd: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:36:52.089281682Z | 63 | PC: 12be4 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:36:52.096506285Z | 66 | PC: 12bf6 | Move file pointer |
| 2018-12-25T12:36:52.097770584Z | 64 | PC: 12c1a | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T12:36:52.106953433Z | 66 | PC: 12c2c | Move file pointer |
| 2018-12-25T12:36:52.108637202Z | 64 | PC: 12c3b | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:36:52.116245519Z | 87 | PC: 12c4e | Get or set file date and time |
| 2018-12-25T12:36:52.117845222Z | 62 | PC: 12c52 | Close file |
| 2018-12-25T12:36:52.126803003Z | 67 | PC: 12c61 | Get or set file attributes |
| 2018-12-25T12:36:52.134139597Z | 26 | PC: 12c6e | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12901,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:36:52.321713786Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:36:52.323278245Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:36:52.324233296Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:36:52.325075917Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6 0x12a9e: jge 0x12aa3 0x12aa0: jmp 0x12adb 0x12aa2: nop 0x12aa3: mov ah, 0x2a 0x12aa5: int 0x21 0x12aa7: cmp dh, 9 0x12aaa: jge 0x12aaf 0x12aac: jmp 0x12adb 0x12aae: nop 0x12aaf: mov ah, 0x2a 0x12ab1: int 0x21 0x12ab3: cmp dl, 4 0x12ab6: jge 0x12abb 0x12ab8: jmp 0x12adb 0x12aba: nop 0x12abb: mov al, byte ptr [0x359] 0x12abe: call 0x12ace 0x12ac1: cmp byte ptr [0x359], 0x19 0x12ac6: je 0x12adb |
| 2018-12-25T12:36:52.326920292Z | 42 | PC: 12aa7 | Get date 0x12aa7: cmp dh, 9 0x12aaa: jge 0x12aaf 0x12aac: jmp 0x12adb 0x12aae: nop 0x12aaf: mov ah, 0x2a 0x12ab1: int 0x21 0x12ab3: cmp dl, 4 0x12ab6: jge 0x12abb 0x12ab8: jmp 0x12adb 0x12aba: nop 0x12abb: mov al, byte ptr [0x359] 0x12abe: call 0x12ace 0x12ac1: cmp byte ptr [0x359], 0x19 0x12ac6: je 0x12adb 0x12ac8: inc byte ptr [0x359] 0x12acc: loop 0x12abb 0x12ace: mov ah, 5 0x12ad0: mov ch, 0 0x12ad2: mov dh, 0 0x12ad4: mov dl, byte ptr [0x359] |
| 2018-12-25T12:36:52.329479435Z | 78 | PC: 12b5e | Find first file |
| 2018-12-25T12:36:52.335098731Z | 67 | PC: 12b9c | Get or set file attributes |
| 2018-12-25T12:36:52.340259812Z | 67 | PC: 12bae | Get or set file attributes |
| 2018-12-25T12:36:52.355410673Z | 61 | PC: 12bb9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:36:52.361634092Z | 87 | PC: 12bc5 | Get or set file date and time |
| 2018-12-25T12:36:52.363078261Z | 44 | PC: 12bd1 | Get time 0x12bd1: and dh, 7 0x12bd4: jmp 0x12bd7 0x12bd6: nop 0x12bd7: mov ah, 0x3f 0x12bd9: mov cx, 3 0x12bdc: mov dx, 0x1d 0x12bdf: nop 0x12be0: add dx, si 0x12be2: int 0x21 0x12be4: jb 0x12c3b 0x12be6: cmp ax, 3 0x12be9: jne 0x12c3b 0x12beb: mov ax, 0x4202 0x12bee: mov cx, 0 0x12bf1: mov dx, 0 0x12bf4: int 0x21 0x12bf6: jb 0x12c3b 0x12bf8: mov cx, ax 0x12bfa: sub ax, 3 0x12bfd: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:36:52.365651495Z | 63 | PC: 12be4 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:36:52.370331333Z | 66 | PC: 12bf6 | Move file pointer |
| 2018-12-25T12:36:52.371195611Z | 64 | PC: 12c1a | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T12:36:52.377278255Z | 66 | PC: 12c2c | Move file pointer |
| 2018-12-25T12:36:52.378485871Z | 64 | PC: 12c3b | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:36:52.38281144Z | 87 | PC: 12c4e | Get or set file date and time |
| 2018-12-25T12:36:52.384671446Z | 62 | PC: 12c52 | Close file |
| 2018-12-25T12:36:52.390263022Z | 67 | PC: 12c61 | Get or set file attributes |
| 2018-12-25T12:36:52.396300397Z | 26 | PC: 12c6e | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12901,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:36:52.768051609Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:36:52.769718869Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:36:52.771143114Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:36:52.772203032Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6 0x12a9e: jge 0x12aa3 0x12aa0: jmp 0x12adb 0x12aa2: nop 0x12aa3: mov ah, 0x2a 0x12aa5: int 0x21 0x12aa7: cmp dh, 9 0x12aaa: jge 0x12aaf 0x12aac: jmp 0x12adb 0x12aae: nop 0x12aaf: mov ah, 0x2a 0x12ab1: int 0x21 0x12ab3: cmp dl, 4 0x12ab6: jge 0x12abb 0x12ab8: jmp 0x12adb 0x12aba: nop 0x12abb: mov al, byte ptr [0x359] 0x12abe: call 0x12ace 0x12ac1: cmp byte ptr [0x359], 0x19 0x12ac6: je 0x12adb |
| 2018-12-25T12:36:52.774975359Z | 78 | PC: 12b5e | Find first file |
| 2018-12-25T12:36:52.780982807Z | 67 | PC: 12b9c | Get or set file attributes |
| 2018-12-25T12:36:52.786488058Z | 67 | PC: 12bae | Get or set file attributes |
| 2018-12-25T12:36:52.802605805Z | 61 | PC: 12bb9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:36:52.809181091Z | 87 | PC: 12bc5 | Get or set file date and time |
| 2018-12-25T12:36:52.81082439Z | 44 | PC: 12bd1 | Get time 0x12bd1: and dh, 7 0x12bd4: jmp 0x12bd7 0x12bd6: nop 0x12bd7: mov ah, 0x3f 0x12bd9: mov cx, 3 0x12bdc: mov dx, 0x1d 0x12bdf: nop 0x12be0: add dx, si 0x12be2: int 0x21 0x12be4: jb 0x12c3b 0x12be6: cmp ax, 3 0x12be9: jne 0x12c3b 0x12beb: mov ax, 0x4202 0x12bee: mov cx, 0 0x12bf1: mov dx, 0 0x12bf4: int 0x21 0x12bf6: jb 0x12c3b 0x12bf8: mov cx, ax 0x12bfa: sub ax, 3 0x12bfd: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:36:52.813463227Z | 63 | PC: 12be4 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:36:52.82054044Z | 66 | PC: 12bf6 | Move file pointer |
| 2018-12-25T12:36:52.822251844Z | 64 | PC: 12c1a | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T12:36:52.831001457Z | 66 | PC: 12c2c | Move file pointer |
| 2018-12-25T12:36:52.832920714Z | 64 | PC: 12c3b | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:36:52.839445907Z | 87 | PC: 12c4e | Get or set file date and time |
| 2018-12-25T12:36:52.841232184Z | 62 | PC: 12c52 | Close file |
| 2018-12-25T12:36:52.849356569Z | 67 | PC: 12c61 | Get or set file attributes |
| 2018-12-25T12:36:52.85888129Z | 26 | PC: 12c6e | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12901,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:36:53.058697742Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:36:53.060574389Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:36:53.062625862Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:36:53.064613979Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6 0x12a9e: jge 0x12aa3 0x12aa0: jmp 0x12adb 0x12aa2: nop 0x12aa3: mov ah, 0x2a 0x12aa5: int 0x21 0x12aa7: cmp dh, 9 0x12aaa: jge 0x12aaf 0x12aac: jmp 0x12adb 0x12aae: nop 0x12aaf: mov ah, 0x2a 0x12ab1: int 0x21 0x12ab3: cmp dl, 4 0x12ab6: jge 0x12abb 0x12ab8: jmp 0x12adb 0x12aba: nop 0x12abb: mov al, byte ptr [0x359] 0x12abe: call 0x12ace 0x12ac1: cmp byte ptr [0x359], 0x19 0x12ac6: je 0x12adb |
| 2018-12-25T12:36:53.067086442Z | 78 | PC: 12b5e | Find first file |
| 2018-12-25T12:36:53.074321457Z | 67 | PC: 12b9c | Get or set file attributes |
| 2018-12-25T12:36:53.080861239Z | 67 | PC: 12bae | Get or set file attributes |
| 2018-12-25T12:36:53.101283152Z | 61 | PC: 12bb9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:36:53.110603923Z | 87 | PC: 12bc5 | Get or set file date and time |
| 2018-12-25T12:36:53.1150441Z | 44 | PC: 12bd1 | Get time 0x12bd1: and dh, 7 0x12bd4: jmp 0x12bd7 0x12bd6: nop 0x12bd7: mov ah, 0x3f 0x12bd9: mov cx, 3 0x12bdc: mov dx, 0x1d 0x12bdf: nop 0x12be0: add dx, si 0x12be2: int 0x21 0x12be4: jb 0x12c3b 0x12be6: cmp ax, 3 0x12be9: jne 0x12c3b 0x12beb: mov ax, 0x4202 0x12bee: mov cx, 0 0x12bf1: mov dx, 0 0x12bf4: int 0x21 0x12bf6: jb 0x12c3b 0x12bf8: mov cx, ax 0x12bfa: sub ax, 3 0x12bfd: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:36:53.117593857Z | 63 | PC: 12be4 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:36:53.12842574Z | 66 | PC: 12bf6 | Move file pointer |
| 2018-12-25T12:36:53.130111128Z | 64 | PC: 12c1a | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T12:36:53.141343662Z | 66 | PC: 12c2c | Move file pointer |
| 2018-12-25T12:36:53.144103981Z | 64 | PC: 12c3b | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:36:53.148859615Z | 87 | PC: 12c4e | Get or set file date and time |
| 2018-12-25T12:36:53.150889654Z | 62 | PC: 12c52 | Close file |
| 2018-12-25T12:36:53.156370621Z | 67 | PC: 12c61 | Get or set file attributes |
| 2018-12-25T12:36:53.164576598Z | 26 | PC: 12c6e | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12901,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:36:53.342006958Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:36:53.344484306Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:36:53.346222752Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:36:53.347914987Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6 0x12a9e: jge 0x12aa3 0x12aa0: jmp 0x12adb 0x12aa2: nop 0x12aa3: mov ah, 0x2a 0x12aa5: int 0x21 0x12aa7: cmp dh, 9 0x12aaa: jge 0x12aaf 0x12aac: jmp 0x12adb 0x12aae: nop 0x12aaf: mov ah, 0x2a 0x12ab1: int 0x21 0x12ab3: cmp dl, 4 0x12ab6: jge 0x12abb 0x12ab8: jmp 0x12adb 0x12aba: nop 0x12abb: mov al, byte ptr [0x359] 0x12abe: call 0x12ace 0x12ac1: cmp byte ptr [0x359], 0x19 0x12ac6: je 0x12adb |
| 2018-12-25T12:36:53.351184334Z | 78 | PC: 12b5e | Find first file |
| 2018-12-25T12:36:53.35812836Z | 67 | PC: 12b9c | Get or set file attributes |
| 2018-12-25T12:36:53.364450612Z | 67 | PC: 12bae | Get or set file attributes |
| 2018-12-25T12:36:53.381802392Z | 61 | PC: 12bb9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:36:53.391072065Z | 87 | PC: 12bc5 | Get or set file date and time |
| 2018-12-25T12:36:53.393113604Z | 44 | PC: 12bd1 | Get time 0x12bd1: and dh, 7 0x12bd4: jmp 0x12bd7 0x12bd6: nop 0x12bd7: mov ah, 0x3f 0x12bd9: mov cx, 3 0x12bdc: mov dx, 0x1d 0x12bdf: nop 0x12be0: add dx, si 0x12be2: int 0x21 0x12be4: jb 0x12c3b 0x12be6: cmp ax, 3 0x12be9: jne 0x12c3b 0x12beb: mov ax, 0x4202 0x12bee: mov cx, 0 0x12bf1: mov dx, 0 0x12bf4: int 0x21 0x12bf6: jb 0x12c3b 0x12bf8: mov cx, ax 0x12bfa: sub ax, 3 0x12bfd: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:36:53.396014239Z | 63 | PC: 12be4 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:36:53.405598482Z | 66 | PC: 12bf6 | Move file pointer |
| 2018-12-25T12:36:53.407647909Z | 64 | PC: 12c1a | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T12:36:53.414782837Z | 66 | PC: 12c2c | Move file pointer |
| 2018-12-25T12:36:53.416610739Z | 64 | PC: 12c3b | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:36:53.421055143Z | 87 | PC: 12c4e | Get or set file date and time |
| 2018-12-25T12:36:53.422351844Z | 62 | PC: 12c52 | Close file |
| 2018-12-25T12:36:53.428516812Z | 67 | PC: 12c61 | Get or set file attributes |
| 2018-12-25T12:36:53.435269699Z | 26 | PC: 12c6e | Set disk transfer address |
{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12901,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:36:53.876556872Z | 48 | PC: 12a6b | Get DOS version |
| 2018-12-25T12:36:53.878733061Z | 47 | PC: 12a77 | Get disk transfer address |
| 2018-12-25T12:36:53.880096007Z | 26 | PC: 12a8a | Set disk transfer address |
| 2018-12-25T12:36:53.881297568Z | 42 | PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6 0x12a9e: jge 0x12aa3 0x12aa0: jmp 0x12adb 0x12aa2: nop 0x12aa3: mov ah, 0x2a 0x12aa5: int 0x21 0x12aa7: cmp dh, 9 0x12aaa: jge 0x12aaf 0x12aac: jmp 0x12adb 0x12aae: nop 0x12aaf: mov ah, 0x2a 0x12ab1: int 0x21 0x12ab3: cmp dl, 4 0x12ab6: jge 0x12abb 0x12ab8: jmp 0x12adb 0x12aba: nop 0x12abb: mov al, byte ptr [0x359] 0x12abe: call 0x12ace 0x12ac1: cmp byte ptr [0x359], 0x19 0x12ac6: je 0x12adb |
| 2018-12-25T12:36:53.884285553Z | 78 | PC: 12b5e | Find first file |
| 2018-12-25T12:36:53.891614543Z | 67 | PC: 12b9c | Get or set file attributes |
| 2018-12-25T12:36:53.897697059Z | 67 | PC: 12bae | Get or set file attributes |
| 2018-12-25T12:36:53.914705448Z | 61 | PC: 12bb9 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:36:53.922911778Z | 87 | PC: 12bc5 | Get or set file date and time |
| 2018-12-25T12:36:53.924385886Z | 44 | PC: 12bd1 | Get time 0x12bd1: and dh, 7 0x12bd4: jmp 0x12bd7 0x12bd6: nop 0x12bd7: mov ah, 0x3f 0x12bd9: mov cx, 3 0x12bdc: mov dx, 0x1d 0x12bdf: nop 0x12be0: add dx, si 0x12be2: int 0x21 0x12be4: jb 0x12c3b 0x12be6: cmp ax, 3 0x12be9: jne 0x12c3b 0x12beb: mov ax, 0x4202 0x12bee: mov cx, 0 0x12bf1: mov dx, 0 0x12bf4: int 0x21 0x12bf6: jb 0x12c3b 0x12bf8: mov cx, ax 0x12bfa: sub ax, 3 0x12bfd: mov word ptr [si + 0x21], ax |
| 2018-12-25T12:36:53.926930379Z | 63 | PC: 12be4 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T12:36:53.938024075Z | 66 | PC: 12bf6 | Move file pointer |
| 2018-12-25T12:36:53.950065413Z | 64 | PC: 12c1a | Write file or device (Write 716 bytes on handle 5) |
| 2018-12-25T12:36:53.957846137Z | 66 | PC: 12c2c | Move file pointer |
| 2018-12-25T12:36:53.959898383Z | 64 | PC: 12c3b | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T12:36:53.965932089Z | 87 | PC: 12c4e | Get or set file date and time |
| 2018-12-25T12:36:53.967771409Z | 62 | PC: 12c52 | Close file |
| 2018-12-25T12:36:53.97874789Z | 67 | PC: 12c61 | Get or set file attributes |
| 2018-12-25T12:36:53.987845429Z | 26 | PC: 12c6e | Set disk transfer address |